This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/YJVwJOU5BIdjmbmuNaG_Moqme0A.roa
File:                     YJVwJOU5BIdjmbmuNaG_Moqme0A.roa (raw, json)
Hash identifier:          pxWTdfj/gksEfbN9Q6jXgY0E6qgRaxawxIifZ5RZehU=
Subject key identifier:   60:95:70:24:E5:39:04:87:63:99:B9:AE:35:A1:BF:32:8A:A6:7B:40
Certificate issuer:       /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial:       019C09A231DB318F4F176B63C3A071819DC2
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/YJVwJOU5BIdjmbmuNaG_Moqme0A.roa
Signing time:             Thu 29 Jan 2026 12:02:30 +0000
ROA not before:           Thu 29 Jan 2026 12:02:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        88.209.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 30 Jan 2026 12:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:09:a2:31:db:31:8f:4f:17:6b:63:c3:a0:71:81:9d:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
        Validity
            Not Before: Jan 29 12:02:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60957024e53904876399b9ae35a1bf328aa67b40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:c3:cc:3d:4f:b7:5d:7e:99:15:ce:65:80:55:
                    02:60:ff:7b:c7:e9:5a:49:7f:e3:af:ec:b5:e9:45:
                    3e:3a:d6:c2:63:26:a5:e4:c0:9f:bd:b0:55:5b:28:
                    e5:b3:89:2c:e9:03:58:a1:1f:9d:e1:1b:dc:9f:ec:
                    f5:64:4e:f5:41:59:02:56:87:76:89:e9:c7:08:b2:
                    f8:13:7a:fe:c6:ca:ea:6e:14:32:e0:90:31:66:06:
                    89:04:92:36:b9:be:73:33:c9:e7:a5:e2:d0:38:eb:
                    77:81:04:a6:1f:ee:5c:3f:af:9a:76:43:1d:bf:46:
                    c8:da:fb:6c:1a:7a:a4:be:fa:21:92:43:10:f4:32:
                    de:b4:75:71:5a:82:fc:a4:1b:e0:e7:2d:94:31:12:
                    0b:b2:3a:4a:10:56:bf:46:66:98:54:24:91:7e:5f:
                    e0:8f:ce:87:86:3e:a5:4c:56:b6:63:2f:d7:2c:cd:
                    4f:59:b0:7c:2e:f6:38:c4:28:92:8a:1c:8e:48:d2:
                    51:f9:4c:a5:f6:0a:27:66:b0:7c:48:7b:70:04:be:
                    08:75:70:fb:c0:24:fe:9e:b5:0e:67:2a:ae:42:b4:
                    3c:14:a9:95:67:72:a1:d2:02:cd:32:4f:18:43:eb:
                    26:6d:11:f6:78:3f:fc:bb:49:d6:bf:bf:f5:9b:98:
                    7b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:95:70:24:E5:39:04:87:63:99:B9:AE:35:A1:BF:32:8A:A6:7B:40
            X509v3 Authority Key Identifier:
                keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/YJVwJOU5BIdjmbmuNaG_Moqme0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.209.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:75:ee:e9:74:3c:22:65:08:a2:02:fb:f8:a3:e4:ff:d6:6a:
         6a:24:51:76:fa:4d:a6:3b:52:10:94:82:0c:6c:3b:13:b2:69:
         40:2d:23:69:5c:d7:d9:89:f7:70:15:24:42:09:ec:7f:c3:a6:
         ac:7e:39:ca:88:14:0c:92:2f:87:51:8b:70:1f:c6:23:3c:cf:
         df:40:0d:c9:92:fa:d0:34:6e:05:b1:c4:0b:f8:6e:72:74:1e:
         a7:f5:04:ac:f5:8f:ca:32:f5:d2:8d:d4:fb:cc:ae:98:41:cc:
         d3:a8:ad:12:c7:e6:4d:d0:34:fb:83:ab:c7:55:56:58:82:8c:
         5f:d6:f7:ca:09:cf:03:1b:32:ce:02:7c:f0:b0:c9:20:de:96:
         2e:a6:69:86:33:a6:51:ca:5d:18:26:7a:19:02:39:aa:51:85:
         92:9a:8d:7f:12:79:ad:58:71:af:d0:28:44:24:eb:30:f4:e9:
         3c:be:5e:ec:68:1b:68:59:c7:bd:cb:55:22:da:ab:ee:ec:a1:
         86:21:84:3e:1c:9d:59:47:62:62:60:c1:97:40:8c:83:d3:2b:
         8c:1b:01:ae:ca:0f:6b:30:6b:2a:86:86:b3:78:b0:aa:c7:19:
         da:1c:5b:d3:08:40:09:a2:b7:88:2b:a1:ca:18:2a:d4:af:3f:
         f2:c3:1d:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwJojHbMY9PF2tjw6BxgZ3CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjYwMTI5MTIwMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDk1NzAyNGU1MzkwNDg3NjM5OWI5YWUzNWExYmYzMjhhYTY3YjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3sPMPU+3XX6ZFc5lgFUCYP97x+la
SX/jr+y16UU+OtbCYyal5MCfvbBVWyjls4ks6QNYoR+d4Rvcn+z1ZE71QVkCVod2
ienHCLL4E3r+xsrqbhQy4JAxZgaJBJI2ub5zM8nnpeLQOOt3gQSmH+5cP6+adkMd
v0bI2vtsGnqkvvohkkMQ9DLetHVxWoL8pBvg5y2UMRILsjpKEFa/RmaYVCSRfl/g
j86Hhj6lTFa2Yy/XLM1PWbB8LvY4xCiSihyOSNJR+Uyl9gonZrB8SHtwBL4IdXD7
wCT+nrUOZyquQrQ8FKmVZ3Kh0gLNMk8YQ+smbRH2eD/8u0nWv7/1m5h7EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCVcCTlOQSHY5m5rjWhvzKKpntAMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvWUpWd0pPVTVCSWRqbWJtdU5hR19Nb3FtZTBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWNHAMA0G
CSqGSIb3DQEBCwUAA4IBAQAzde7pdDwiZQiiAvv4o+T/1mpqJFF2+k2mO1IQlIIM
bDsTsmlALSNpXNfZifdwFSRCCex/w6asfjnKiBQMki+HUYtwH8YjPM/fQA3JkvrQ
NG4FscQL+G5ydB6n9QSs9Y/KMvXSjdT7zK6YQczTqK0Sx+ZN0DT7g6vHVVZYgoxf
1vfKCc8DGzLOAnzwsMkg3pYupmmGM6ZRyl0YJnoZAjmqUYWSmo1/EnmtWHGv0ChE
JOsw9Ok8vl7saBtoWce9y1Ui2qvu7KGGIYQ+HJ1ZR2JiYMGXQIyD0yuMGwGuyg9r
MGsqhoazeLCqxxnaHFvTCEAJoreIK6HKGCrUrz/ywx3H
-----END CERTIFICATE-----